CVE-2018-18928: Integer Overflow
Published Nov 4, 2018
International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.
Affected Software
1 affected component
icu-project International Components for Unicode C/C++ = 63.1
Event History
Nov 4, 2018
CVE Published via MITRE · 08:00 PM
Data Sourced via MITRE · 08:00 PM
Frequently Asked Questions
1. What is the severity of CVE-2018-18928?
The severity of CVE-2018-18928 is critical with a CVSS score of 9.8.
2. What is the affected software for CVE-2018-18928?
The affected software for CVE-2018-18928 is International Components for Unicode (ICU) for C/C++ version 63.1.
3. What is the CWE ID for CVE-2018-18928?
The CWE ID for CVE-2018-18928 is 190.
4. How can the integer overflow vulnerability in CVE-2018-18928 be exploited?
The integer overflow vulnerability in CVE-2018-18928 can be exploited by triggering the overflow condition in the number::impl::DecimalQuantity::toScientificString() function.
5. Is there a fix available for CVE-2018-18928?
Yes, a fix has been provided in the identified commits and patches.